The Joker malware is making the rounds once again and has been discovered wrapped in a mobile application called Color Message. The malware had already reached over 500,000 users before the app was removed from the Play Store.

What has happened?

The malware is disguised as a utility app and subscribes unsuspecting users to premium SMS services. Often, the victim learns of this only after receiving an inflated mobile bill.
  • The malicious app was found to advertise the ability to enhance messaging with fun emojis and screen overlays.
  • Additionally, the app's terms and conditions were found to be brief and hosted on an unbranded one-page blog.
  • The Joker-laden app steals contact lists and device information and can hide its icon from the home screen.

Additionally, the app has been making connections to Russian servers.

Ratings and feedback

  • The app had over 1,800 reviews with an average rating of four stars.
  • However, not all of the recent reviews are fake: some users rated it negatively, with comments such as "misleading ads" and "worst app ever".
  • One of the victims attempted to contact the app developer via the comment section of the legal page, while others complained on the store about the app's fraudulent behavior.

Additional info

  • Joker-laced apps are more often found on external sources than on the Google Play store; however, they continue to bypass Google Play's protections thanks to their lightweight design and regular code improvements.
  • One of its recent versions uses the Flutter development framework to evade app-store protections and device-based security.
  • In the last four years, more than 1,800 Android apps infected with Joker have been removed from the store.

Conclusion

Google Play has built-in security measures to stop malicious apps from being uploaded to the platform. However, the cybercriminals behind these malicious apps keep finding new ways to bypass Google Play's protections. Thus, it is advisable to keep an eye on suspicious activity by any app and to report any unexpected charges or discrepancies in transactions.

Cyware Publisher